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REMARKS 

The claims have been amended for clarity, and some have been amended to define 
Applicants' contribution to the art with greater particularity. The additions to claims 2, 1 0 and 1 5, 
and the subject matter of new claims 1 7-21 are based on the disclosure on page 7, line 23 - page 8, 
line 12 of the application as filed The additions to claims 4 and 14 are based on the sentence 
bridging pages 6 and 7 of the specification. 

Applicants traverse the rejection of claims 1-16 as being obvious from Spies et al. (U.S. 
Patent 5,689,565) in view of Schiedt et al. (U.S. Patent 6,754,820). The Office Action erroneously 
says Figures 1 and 2 of Spies et al., as well as the Abstract; column 5, line 21 - column 6, line 24, 
and column 6, lines 36 - column 7, line 28 disclose all features of claim 1, with the exception the 
requirement for a credential index to differ substantially from the credential. The Office Action 
says the admitted missing features are disclosed by Fig, 3, column 5, line 3 1 - column 6, line 58, 
and column 1 0, lines 10-65 of Scheidt et al.. The Office Action also erroneously says it would have 
been obvious to combine the references because such a combination would have provided 
sensitivity level or multiple-level access control such that access to credentials id dependent on the 
method of member identification and enforced domain authority dictated policies for multiple-level 
access control by credential category 

Firstly, Applicants note the patent ambiguity in the discussion of the requirements of claim 
1, because the roles of participants 22a and 22b are reversed in page 3, lines 4, 5, 9 and 10 of the 
Office Action. On lines 4 and 5, participants 22a and 22b are respectively identified as the claimed 
sender and recipients, but on lines 9 and 10, the claimed recipient and sender are respectively 
identified as 22a and 22b. 
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Column 5, line 21 - column 7, line 28 of Spies indicates electronic commercial transactions 
between participants 22(a), 22(b), 22(c) involve one or more commerce documents and one, or more 
commerce instruments. A commerce document defines a type of commercial transaction, e.g., 
purchase orders, receipts and contracts. A commercial instrument is a mode of payment, e.g., 
check, cash or credit card. A certified trusted authority 26, e.g., a bank, includes server 28 to 
provide secure exchange of documents and instruments over an insecure communications system. 
Server 28 and participant computers 24(a), 24(b) and 24(c) are capable of encrypting and decrypting 
messages, digitally signing messages and verifying the authenticity of messages form the 
participants. 

In an initial registration phase illustrated in Fig. 1, each participant 22 seeks approval of 
authority 26. In the second phase of Fig. 2, participants 22 exchange documents and instruments. 
During the first phase, participants 22 generate and send a registration packet over paths 30 to server 
28 of authority 26 that produces and sends back unique credentials 32 for and to each participant 22. 
The credentials are based on information in the registration packets. Authority 26 digitally sings the 
credentials. The credentials are used to identify and authenticate the participants during a 
commercial transaction, at which time an originating transaction participant 22(a) encryptically 
transmits to another first recipient 22b, without reference to authority 26, its credential 32 along 
with a document 36 and an instrument 38. First recipient 22(b) passes the credential document and 
instrument of participant 22(a) to a second recipient 22(c), Typically, participants 22(a), 22(b) and 
22(c) are respectively a purchaser, merchant and banker. 

Based on the foregoing, applicants are unable to understand the Examiner's rationale that 
Spies et al. discloses what is attributed to Spies et al. in the paragraph bridging pages 3 and 4 of the 
Office Action. Explanation is requested. 
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The Office Action relies on Scheldt et aL to disclose a credential index that differs from a 
credential, Scheidt et ah is concerned with a multi-level access system that controls a computer 
system object The Office Action relies on Fig, 3, column 5, line 31 - column 6, lines 58 and 
column 10, lines 10-65. The only mention of credential index in the relied on portions of Scheidt et 
al. appears to be at column 10, lines 53-59, that says an advanced encryption algorithm (AES) key is 
calculated using a counter of 00000001 x6 and a credential index. The number of chosen credentials 
Si for the various multiple credential selection categories (MCSC) are desired keys that are used to 
encrypt S/ of the threshold shares with AES. The keys are encrypted in order, so the lowest index 
credential is used to encrypt the second share because the first share remains in plan text. Scheidt et 
al. goes on to say the threshold key for each category is used like a shared value in the computation 
of a random value encryption key (REK). 

It is not seen how this relied on portion of Scheidt et al would be combined by one of 
ordinary skill in the ait with the Spies et al. commerce system of Figs. 1 and 2 to arrive at the 
method of claim 1 . Explanation is requested. 

Further, the Examiner must explain why one of ordinary skill in the art would want to 
modify Spies et al. to include a sensitivity level or multiple access control such that access to 
credentials is dependent on the method of member identification and enforced domain authority 
dictated policies for multiple-level access control by credential category. 

To reject claim 21 , the Office Action says Speis et al., at Fig. 2, column 7, line 7 - column 8, 
line 26, discloses the recipient responding to the credential index by determining whether the at least 
one credential is sufficient and the recipient communicating the result of the determination to the 
sender. The Examiner is requested to explain how there is a disclosure in the relied on portion of 
Spies of a credential index. In addition, Claim 2 now more specifically defines the method by 
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requiring a service provider to determine whether a credential is sufficient for the service provider to 
provide a service to the sender, and to communicate such a determination to the sender. 

To reject claim 3, the Office action relies on column 1, lines 17 - column 8, lines 28 and 
column 25, lines 7 to column 26, line 41 of Spies to disclose the recipient responding to the 
credential index by determining a service level according to the at least one credential indexed in the 
credential index and the recipient communicating the service level to the sender by using a certified 
trusted authority 26 of Fig. 1 to process participant data information. However, Fig. 1, and the 
description thereof, is concerned with the registration process that involves messages between 
authority 26 and participants 22. In the analysis of claim 1 , the sender and recipients were 22(a) and 
22(b), and there was no mention of authority 26. In other words the Examiner has inconsistently 
considered claims 1 arid 3. 

Claim 4 now requires the number of credential indices to exceed the number of credentials. 

The Examiner is requested to indicate how Spies discloses the claim 5 requirement for the 
recipient to respond to the credential index by determining a service level according to each of the 
plurality of credential indices communicated to the recipient by the sender, and communicating the 
service level corresponding to at least one of the credential indices to the sender. 

The combination of Spies et al. and Scheidt et al. to reject each of claims 6-16 is erroneous, 
inter alia, because one of ordinary skill in the art would not have combined the references for the 
reasons discussed supra. 

Concerning claim 10, the Examiner is requested to indicate in detail how authority 26 of 
Spies et al* responds to an index communicated by the user by selecting at least one of the user 
provided credentials from the credential index provided by the user. The Examiner is also requested 
to indicate how authority 26 responds to the index communicated by the user so to then 
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• t 

communicate back to the user an indication of (he selected credential. The Examiner is also 
requested to explain where Spies et al. discloses a participant 22 responding to the indication of the 

I selected credential by providing to authority 26 at least one credential corresponding to the selected 

credential, and how authority 26 responds to the credential corresponding to the selected credential 
provided to the user by authorizing the service to the user. Fig. 1 and the description thereof only 

| disclose single a message being transmitted from each of participants 22 to authority 26, and a 

single message with an authorization from authority 26 to participants 22. 

New claims 1 7-21 define features that are not disclosed or made obvious by the 
combination of Spies et al. and Scheidt et al. by defining operations that occur in response to the 
service provider determining that, based on the user's credentials, the user is not authorized to 
obtain the service the user is seeking. 

In view of the foregoing amendments and remarks, favorable reconsideration and allowance 
are respectfully requested and deemed in order. 
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Respectfully submitted, 
Rlchaj-d BROWN et al 

Allan M.Lowe 
Registration No. 19,641 
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